(c) associating the user with roles; 

(d) creating a user context instance upon successful identification of 
the user, wherein the user context instance includes information about the 
user including the roles; 

(e) receiving a request from the user to invoke a first service on a 
first component, wherein the first component invokes a second service of a 
second component, and wherein completion of the second service is 
necessary to complete the first service; 

(f) querying the user context for the information about the user; 

(g) comparing the user information with an access control list for 
verifying that the user has access to the first component; and 

(h) comparing the user information with an access control list for 
verifying that the user has access to the second service of the second 
component. 



5. A method as recited in claim 4, wherein the first service invoked 
associates any objects created, updated, or deleted as a result of the 
invocation of the first service with the user context instance. 



7K A computer program embodied on a computer readable medium for 
maintaining a security profile throughout nested service invocations on a 
distributed, component-based system, comprising: 

(a) a code segment that provides interconnections between 
distributed components each having nested service invocations; 

(b) a code segment that identifies a user; 

(c) a code segment that associates the user with roles; 

(d) a code segment that creates a user context instance upon 
successful identification of the user, wherein the user context instance 
includes information about the user including the roles; 

(e) a code segment that receives a request from the user to invoke 
a first service on a first component, wherein the first component invokes a 
second service of a second component, and wherein completion of the 
second service is necessary to complete the first service; 

(f) a code segment that queries the user context for the information 
about the user; 

(g) a code segment that compares the user information with an 
access control list for verifying that the user has access to the first 
component; and 

(h) a code segment that compares the user information with an 
access control list for verifying that the user has access to the second service 
of the second component. 



11. A computer program as recited in claim 10, wherein the first service 
invoked associates any objects created, updated, or deleted as a result of 
the invocation of the first service with the user context instance. 



>3. A system for maintaining a security profile throughout nested service 
invocations on a distributed, component-based system, comprising: 
(a) logic that provides interconnections between distributed 
components each having nested service invocations; 

(b) logic that identifies a user; 

(c) logic that associates the user with roles; 

(d) logic that creates a user context instance upon successful 
identification of the user, wherein the user context instance includes 
information about the user including the roles; 

(e) logic that receives a request from the user to invoke a first 
service on a first component, wherein the first component invokes a second 
service of a second component, and wherein completion of the second 
service is necessary to complete the first service; 

(f) logic that queries the user context for the information about the 
user; 

(g) logic that compares the user information with an access control 
list for verifying that the user has access to the first component; and 

(h) logic that compares the user information with an access control 
list for verifying that the user has access to the second service of the second 
component. 

17. A system as recited in claim 16, wherein the first service invoked 
associates any objects created, updated, or deleted as a result of the 
invocation of the first service with the user context instance. 
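
The following is an added illustration of steps (b) through (h) and of the object association in the dependent claims; it is not code from the patent. All names (`UserContext`, `OrderComponent`, `PaymentComponent.authorize`, the users, roles and secrets) are hypothetical, constructed sample data.

```python
import hmac
from dataclasses import dataclass, field

class AccessDenied(Exception):
    pass

@dataclass
class UserContext:
    """Created once after successful identification; carries the user's roles."""
    user: str
    roles: frozenset
    touched: list = field(default_factory=list)  # objects created/updated/deleted

# Constructed sample data: credentials, role assignments, access control lists.
CREDENTIALS = {"alice": "a-secret", "bob": "b-secret"}
ROLES = {"alice": {"clerk", "approver"}, "bob": {"clerk"}}
ACL = {
    "OrderComponent": {"clerk", "approver"},     # first component
    "PaymentComponent.authorize": {"approver"},  # second service, second component
}

def identify(user, secret):
    """Steps (b)-(d): identify the user, associate roles, create the context."""
    if not hmac.compare_digest(CREDENTIALS.get(user, ""), secret):
        raise AccessDenied(f"identification failed for {user}")
    return UserContext(user, frozenset(ROLES.get(user, ())))

def check(ctx, target):
    """Steps (f)-(h): query the context and compare it with the target's ACL.
    A target with no ACL entry is denied (assumed default-deny policy)."""
    if not ctx.roles & ACL.get(target, set()):
        raise AccessDenied(f"{ctx.user} lacks a role permitted on {target}")

def authorize_payment(ctx, order_id):
    """Second service: verified independently, not trusted because of its caller."""
    check(ctx, "PaymentComponent.authorize")
    ctx.touched.append(("payment", order_id))
    return f"auth-{order_id}"

def place_order(ctx, order_id):
    """First service: it cannot complete unless the nested invocation succeeds."""
    check(ctx, "OrderComponent")
    auth = authorize_payment(ctx, order_id)  # the same context travels with the call
    ctx.touched.append(("order", order_id))
    return {"order": order_id, "auth": auth, "by": ctx.user}
```

A user who passes the first component's list but not the second service's list gets no result from the first service, and no object is attributed to that user's context.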